Mobile Malware Security Challenges and Cloud-Based Detection

Mobile Malware Security Challenges and Cloud-Based Detection

Mobile Malware Security Challeges and Cloud-Based Detection Nicholas Penning, Michael Hoffman, Jason Nikolai, Yong Wang College of Business and Information Systems Dakota State University Madison, SD 57042 {nfpenning, mjhoffman13054, janikolai}@pluto.dsu.edu, [email protected] Abstract— Mobile malware has gained significant ground since the techniques, privilege escalation, remote control, financial dawning of smartphones and handheld devices. TrendLabs charge, and information collection, etc. The previous stated estimated that there were 718,000 malicious and high risk Android techniques provide a malicious attacker with a variety of options apps in the second quarter of 2013. Mobile malware malicious to utilize a compromised mobile device. infections arise through various techniques such as installing repackaged legitimate apps with malware, updating current apps Many mobile malware prevention techniques are ported from that piggy back malicious variants, or even a drive-by download. desktop or laptop computers. However, due to the uniqueness of The infections themselves will perform at least one or multiple of smartphones [6], such as multiple-entrance open system, the following techniques, privilege escalation, remote control, platform-oriented, central data management, vulnerability to financial charge, and information collection, etc. This paper theft and lost, etc., challenges are also encountered when porting summarizes mobile malware threats and attacks, cybercriminal existing anti-malware techniques to mobile devices. These motivations behind malware, existing prevention methods and challenges include, inefficient security solutions, limitations of their limitations, and challenges encountered when preventing signature-based mobile malware detection, lax control of third malware on mobile devices. The paper further proposes a cloud- party app stores, and uneducated or careless users, etc. based framework for mobile malware detection. The proposed framework requires a collaboration among mobile subscribers, This paper reviews and summarizes mobile malware threats app stores, and IT security professionals. The cloud-based and attacks, cybercriminal motivations behind malware, existing malware detection is a promising approach towards mobile prevention methods and their limitations, and challenges security. encountered when preventing malware on mobile devices. Collaborate is an effective technique towards future mobile Keywords- mobile, malware, security, detection, cloud, Android malware detection [7], [8]. The paper further proposes a cloud- based framework for mobile malware detection. The proposed I. INTRODUCTION framework requires a collaboration among mobile subscribers, Mobile devices, such as smartphones and tablets, have been app stores, and IT security professionals. The cloud-based widely used for personal and business purposes. According to a malware detection is a promising approach towards mobile recent report from KPBC, the number of smartphone users has security. risen above a billion in Q3 2012 globally [1]. Gartner estimated that 1.2 billion smartphones and tablets could be sold in 2013 The remainder of the paper is organized as follows: Section II [2]. summarizes mobile malware threats and attacks. Section III reveals the cybercriminal motivations behind mobile malware. One of the greatest threats to data privacy and security is Section IV reviews and compares existing mobile malware mobile malware. As the largest installed base of mobile prevention techniques, followed by the discussion of challenges platform, Android accounted for 81% of all smartphone to prevent malware on mobile devices in Section V. Section VI shipments in Q3 2013 [3]. TrendLabs estimated that there were presents the proposed cloud-based mobile malware detection 718,000 malicious and high risk Android apps in the second framework. Section VII concludes the paper. quarter of 2013 [4]. In addition, according to F-Secure, out of the 259 new threat families and new variants of existing families II. MOBILE MALWARE THREATS AND ATTACKS discovered in Q3 2013, 252 were Android threats [5]. Mobile phone virus emerged as early as 2004. Since then, Statistically, Android is the most targeted mobile platform when significant amounts of malware have been reported in it comes to malicious apps. This paper focuses on malware smartphones. security challenges in Android devices. However, many security issues discussed and the approaches presented in this paper also A. Mobile Malware apply to other mobile platforms. Smartphone malware falls in three main categories, virus, Mobile malware malicious infections arise through various Trojan, and spyware [6]. Trojan and spyware are the dominant techniques such as installing repackaged legitimate apps with malware in smartphones. malware, updating current apps that piggy back malicious variants, or even a drive-by download. The infections 1) Virus themselves will perform at least one or multiple of the following 978-1-4799-5158-1/14/$31.00 ©2014 IEEE 181 Virus emerged in mobile phones as early as 2004. They are Spam can be carried through emails or MMS messages. typically disguised as a game, a security patch, or other Spam messages may include URLs which direct users to desirable applications and are then downloaded to a phishing or pharming websites. MMS spam can also be used for smartphone. starting denial of service attacks. The number of U.S. spam text messages rose 45 percent in 2011 to 4.5 billion messages, Viruses can spread not only through internet downloads or according to Richi Jennings, an industry analyst. memory cards, but they can also spread through Bluetooth. Two Bluetooth viruses have been reported in smartphones: 3) Spoofing Bluejacking and Bluesnarfing. Bluejacking sends unsolicited An attacker may spoof the “Caller ID” and pretend to be a messages over Bluetooth to Bluetooth-enabled device (limited range, usually around 33 feet). Bluesnarfing can access trusted party. Researchers also demonstrated how to spoof unauthorized information in a smartphone through a Bluetooth MMS messages that appeared to be messages coming from 611, the number the carriers use to send out alerts or update connection. notifications [10]. Further, base stations could be spoofed too 2) Trojan [11]. Trojan is another type of malware in smartphones. Most 4) Phishing Trojans in smartphones are related to activities such as recording calls, instant messages, locating via GPS, forwarding Phishing attack is a way to steal personal information, such call logs and other vital data. SMS Trojans are one of the largest as user name, password, credit card account, etc., by categories of mobile malware. It runs in the background of an masquerading as a trusted party. Many phishing attacks have application and sends SMS messages to a premium rate account been recognized in social networking, emails, and MMS owned by an attacker. Malware belonging to this category is the messages. For example, many mobile applications include HippoSMS. It increases the phone billing charges of users by social sharing and payment buttons. A malicious application sending SMS to premium mobiles and also blocks messages can similarly include a “Share on Facebook” button and redirect from service providers to users alerting them of additional the users to a spoofed target application. The target application charges. can then request the user’s secret credentials and steal the data. 3) Spyware 5) Pharming Spyware collects information about users without their In pharming attacks, attackers can redirect web traffic in a knowledge. Spyware has given rise to many concerns about smartphone to a malicious or bogus website. By collecting the invasion of users’ privacy. According to Juniper’s 2011 subscriber’s smartphone information, specific attacks may malware report, spyware was the dominate one of malware follow after pharming attacks. For example, when a user which affects Android phones [9]. It accounted for 63 percent browses a web site in a smartphone, the HTTP header usually of the samples identified in 2011. A concern of Carrier IQ was includes the smartphone’s operating system, browser recently raised. A Carrier IQ application is usually pre-installed information, and version number. With this information, an in a smartphone device and it collects usage data to help carriers attacker may learn the security leaks of the smartphone and is to make network and service improvements. Mobile operators, then able to start specific attacks on the smartphone. device manufacturers, and application vendors may need this 6) Vishing usage information to deliver high quality products and services. However, smartphone subscribers have to be assured what data Vishing is a short term for “voice” and “phishing”. It is an is being collected and how said data is processed and stored. attack which malicious users try to gain access to private and Mobile subscribers’ privacy needs to be protected when data is financial information from a smartphone subscriber. By transmitted, processed, and stored. spoofing the “Caller ID”, the attacker may look like from a trusted party and spoof the smartphone users to release their B. Threats and Attacks personal credentials. Smartphones are under numerous threats and attacks. These 7) Data leakage threats and attacks are summarized below. Data leakage is the unauthorized transmission of personal 1) Sniffing information or corporate data. It includes both intentional and There are various ways to sniff or tap a smartphone.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    8 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us